Docusign breached - Account emails used for phishing attacks

DocuSign have confirmed a breach where according to their forensics attackers gained access to one of systems enabling them to harvest customers email addresses and then use them to launch phishing attacks.

If regardless of you are a DocuSign customer or not you will want to brief your IT, operations and customer support people to be alert for inbound phishing e-mails to staff and be potentially also be ready to field reports from your customers and any 3rd parties you deal with that may be receiving these malicious e-mails.

Now is an excellent time to also send a security awareness message out to the rest of your business that details some short and concise advice for your users to report anything they get to the right people running incident response.